name: Phylum Analyze
on:
    pull_request_target:
        types: [labeled, opened, synchronize, reopened]
        paths:
            - "ingestion/**"
            - "openmetadata-service/**"
            - "openmetadata-ui/**"

jobs:
  analyze_deps:
    name: Analyze dependencies with Phylum
    environment: test
    permissions:
      contents: read
      pull-requests: write
    runs-on: ubuntu-latest
    steps:

      - name: Wait for the labeler
        uses: lewagon/wait-on-check-action@v1.3.3
        if: ${{ github.event_name == 'pull_request_target' }}
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          check-name: Team Label
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          wait-interval: 90
      - name: Verify PR labels
        uses: jesusvasquez333/verify-pr-label-action@v1.4.0
        if: ${{ github.event_name == 'pull_request_target' }}
        with:
          github-token: '${{ secrets.GITHUB_TOKEN }}'
          valid-labels: 'safe to test'
          pull-request-number: '${{ github.event.pull_request.number }}'
          disable-reviews: true  # To not auto approve changes
      - name: Checkout the repo
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 0
      - name: Analyze dependencies
        uses: phylum-dev/phylum-analyze-pr-action@v2
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          phylum_token: ${{ secrets.PHYLUM_TOKEN }}
          cmd: |
            phylum-ci -vv \
            --depfile ingestion/setup.py \
            --depfile ingestion/pyproject.toml \
            --depfile openmetadata-service/pom.xml \
            --depfile openmetadata-ui/src/main/resources/ui/yarn.lock